Home > Ask the Security Experts > Network Security Questions & Answers > How to secure an FTP connection
Ask The Security Expert: Questions & Answers
EMAIL THIS

How to secure an FTP connection

Mike Chapple EXPERT RESPONSE FROM: Mike Chapple

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 27 February 2008
We are attempting to FTP a file from our iSeries to a Unix system. The secure connection is set up via a VPN tunnel. Can you offer some best practices to enable the connection without opening ourselves up to security risks?

>
EXPERT RESPONSE
It sounds like you've already taken some strong measures toward securing your FTP connection. The first and most important step is to realize that FTP is an inherently insecure protocol and must be implemented only in the presence of compensating controls. FTP uses unencrypted connections, leaving both the data you transfer and your credentials exposed to eavesdropping attacks. This can be remedied this through the use of encryption, either by using Secure FTP (SFTP), which tunnels FTP through an encrypted SSH connection, or by using a VPN to encrypt the traffic.

Second, follow normal user security principles. If you're not running an anonymous FTP download service, provide each user with a unique username and strong password that they may use to access your FTP server.

Finally, configure your systems in a secure manner. Ensure that the FTP server is running a modern operating system and has all current security patches applied. Verify firewall settings and ensure that you allow the minimum number of ports from as few destinations as possible while still meeting business requirements.

More information:
  • Will FTP ever be a secure way to transfer files to and from servers?
  • Learn more about how some companies have plugged their FTP holes with secure FTP servers.


    • Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


    RELATED CONTENT
    Network Security
    What warning signs will indicate the presence of a P2P botnet?
    What reporting tools are available for an enterprise IDS?
    Is it possible to allow select access to IP addresses using Windows Server 2003?
    Is an IPsec VPN necessary when connecting remote servers that process financial transactions?
    What are best practices for creating an IDS and maintaining a signature database?
    What are the best ways to hide system information from network scanning software?
    What are the security risks of opening all the ports on an internal router?
    Will Cisco's plan to open access to the IOS improve network security?
    Will VoIP attacks result in more than just spam?
    Should enterprises implement a mandatory iPhone VPN?

    SSL
    Debian: A niche OS with a not-so-niche security flaw
    The Shortcut Guide to Extended Validation SSL Certificates
    Product review: Array Networks SPX2000
    How to test the security of personal details submitted to a website
    Should enterprises implement a mandatory iPhone VPN?
    Should iPhone email be sent without SSL encryption?
    Can Trojans and other malware exploit split-tunnel VPNs to infiltrate a network?
    What are the risks of connecting a Web service to an external system via SSL?
    What is the most secure way for application developers to manage cookies?
    For a small office, what are the best, least expensive office servers with secure access?

    Enterprise Data Protection
    How to avoid DLP implementation pitfalls
    Quiz: Data loss prevention
    PCI DSS 1.2 clarifies wireless, antivirus use
    Sophos to acquire mobile data protection company Utimaco
    Should users have a removable boot drive for online banking?
    Unified communications trigger data leakage dangers, survey finds
    NitroSecurity covers its bases with RippleTech deal
    Easing e-discovery preparation by mapping enterprise data
    Quiz:: E-discovery and security in the enterprise
    Growing Mac use prompts call for better security

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    SSL VPN  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice



    Find Security Solutions for Your Business
    Targeted Security Channel Tips for Resellers, Integrators and Consultants
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




    All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts